Topic: VPN Gateway Subnet Routing (Read 1507 times)
JordanPlayz158
Newbie
Posts: 1
Karma: 0
VPN Gateway Subnet Routing
«
on:
February 21, 2023, 05:31:54 pm »
I have added Mullvad WireGuard VPN to my router as a gateway following https://mullvad.net/en/help/pfsense-with-wireguard/ up until "Configure the outbound firewall". I have modified no firewall rules, but it seems as though even with no routing modifications, once I added the gateway, all traffic is now going through the Mullvad VPN. While that is nice, it is not ideal, as certain sites do not let you on when using a VPN. I would like to make firewall rules where I have all `192.168.1.0/24` traffic going through the WAN gateway and `192.168.2.0/24` (using Virtual IP) going through the Mullvad gateway; that way I can get the best of both worlds (it can be very helpful to run this at the router level and route it transparently so I can use proxies/VPNs even on devices which may not have good support (or any)). I have looked up so many different terms on the search engine, tried so many different fixes, read the documentation and tried to make my own rules (both almost exclusively in Firewall->NAT->Outbound and Firewall->Rules), and I can't get it to work. I did come across a term which may assist in understanding; when I looked it up, the term used was "Policy based routing".
Firewall->NAT->Outbound:
MullvadVPN LAN networks, Loopback networks, 127.0.0.0/8, 10.0.0.0/24 * * 500 MullvadVPN * YES Auto created rule for ISAKMP
MullvadVPN LAN networks, Loopback networks, 127.0.0.0/8, 10.0.0.0/24 * * * MullvadVPN * NO Auto created rule
WAN LAN networks, Loopback networks, 127.0.0.0/8, 10.0.0.0/24 * * 500 WAN * YES Auto created rule for ISAKMP
WAN LAN networks, Loopback networks, 127.0.0.0/8, 10.0.0.0/24 * * * WAN * NO Auto created rule
I have tried manual rules only and hybrid, and tried to override the automatic rules and change it to have WAN take precedence, assuming Mullvad is the first rule (given the ordering of the rules) and uses that, but that seems to be wrong, as manual rules and hybrid override didn't appear to work. It also appears manual rules don't have the same settings, or perhaps look; for example, NAT Address only allows WAN net or WAN address, not just WAN, and the automatic rules are able to select multiple sources (I was able to with an alias, but it still doesn't look the same as the automatic rules, but I'd suspect that could just be a compact way to show the automatic rules).
zan
Full Member
Posts: 175
Karma: 31
Re: VPN Gateway Subnet Routing
«
Reply #1 on:
February 23, 2023, 03:08:29 am »
It sounds like your WireGuard gateway became your default route.
To prevent it, you need to check "Disable Routes" in your WireGuard settings.
wotcha
Newbie
Posts: 32
Karma: 3
Re: VPN Gateway Subnet Routing
«
Reply #2 on:
February 25, 2023, 04:35:41 pm »
Follow this guide exactly.
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
And instead of the phrase “WG_VPN_Hosts”, just replace it with VLAN2.
So when you create the FW alias, instead create a Network and type in 192.168.2.1/24 or your VLAN2.
So therefore, anywhere that it says “WG_VPN_Hosts”, that is just your VLAN2 network.
I think that’s what you’re asking…
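One way to check that the split discussed in this thread actually holds, as an added example that is not from any of the posters or from OPNsense: it audits (source IP, egress interface) pairs against the intended policy and reports flows leaving via the wrong gateway. The record format and sample flows are constructed assumptions; the interface names MullvadVPN and WAN are taken from the NAT listing in the first post.

```python
import ipaddress

# Intended policy from the thread: 192.168.2.0/24 leaves via the VPN gateway,
# 192.168.1.0/24 leaves via WAN. Entering 192.168.2.1/24, as in the reply above,
# denotes the same network once the host bits are masked (strict=False).
POLICY = [
    (ipaddress.ip_network("192.168.2.1/24", strict=False), "MullvadVPN"),
    (ipaddress.ip_network("192.168.1.0/24"), "WAN"),
]

# Constructed sample records, one per line: "<source ip> <egress interface>".
SAMPLE_FLOWS = """\
192.168.1.20 WAN
192.168.1.21 MullvadVPN
192.168.2.15 MullvadVPN
192.168.2.16 WAN
10.0.0.5 WAN
"""

def expected_gateway(src, policy=POLICY):
    """First matching network wins; None if no policy entry covers src."""
    addr = ipaddress.ip_address(src)
    for net, gateway in policy:
        if addr in net:
            return gateway
    return None

def audit(flows_text, policy=POLICY):
    """Return (src, seen, expected) for each flow that left via the wrong interface."""
    violations = []
    for line in flows_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed records
        src, seen = parts
        try:
            want = expected_gateway(src, policy)
        except ValueError:
            continue  # first field is not an IP address
        if want is not None and seen != want:
            violations.append((src, seen, want))
    return violations

if __name__ == "__main__":
    for src, seen, want in audit(SAMPLE_FLOWS):
        print(f"{src}: left via {seen}, policy says {want}")
```

A 192.168.1.x source reported on MullvadVPN is the symptom described in the first post; a 192.168.2.x source reported on WAN is the opposite failure, where traffic meant for the tunnel leaves unprotected.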